bertje (10-01-2009),sneezing panda (09-27-2009),StornX (03-10-2011)
This reference will cover some aspects of the add-on function within Mozilla Firefox. I will not go into depth about what the best combination of add-ons to use for security reasons is, however I will provide simple descriptions of the add-ons and links to the download on Mozilla's official website... Maybe another time I'll write up a thread on how to stay 99% anonymous by using just Firefox and add-ons.
Intro: If you're not aware, Firefox is a free standalone web browser which runs on the Gecko engine. It's open source and very powerful, and a lot of people prefer to use this compared to the crappy speeds of Microsoft's Internet Explorer. There are literally 1000s of add-ons created by individual developers and companies, which add great customization.
Firefox is unique for the ability to have so many add-ons, starting with simple themes/tool-bars ranging all the way to SQLi helpers and XSS testers.
You can even code your own add-ons if you have the ability. Another note is that Firefox has been made multi-platform, and plug-ins work universally, so any of these should work on Unix/Linux/Solaris/macdows (if Firefox is supported on that OS obviously...).
Here's a list of the tools, with links, that I have used in the past, and even today, that I find most useful with Firefox for penetration testing purposes...
XSS me
Cross-Site Scripting (XSS) is a common flaw found in today's web applications. XSS flaws can cause serious damage to a web application. Detecting XSS vulnerabilities early in the development process will help protect a web application from unnecessary flaws. XSS-Me is the Exploit-Me tool used to test for reflected XSS vulnerabilities.
SQL Inject me
SQL Injection vulnerabilities can cause a lot of damage to a web application. A malicious user can possibly view records, delete records, drop tables or gain access to your server. SQL Inject-Me is a Firefox extension used to test for SQL Injection vulnerabilities.
SQL Injection 1.3
SQL Injection is an upgrade from the old form free. It is a component to transform check-boxes, radio buttons and select elements to an input text and enable disabled elements from all forms in a page.
It makes it easier to test and identify SQL injection vulnerabilities in web pages.
FoxyProxy
FoxyProxy is an advanced proxy management tool that completely replaces Firefox's limited proxying capabilities. It offers more features than SwitchProxy, ProxyButton, QuickProxy, xyzproxy, ProxyTex, TorButton, etc.
TorButton 1.2.2
Torbutton provides a button to securely and easily enable or disable the browser's use of Tor. It is currently the only add-on that will safely manage your Tor browsing to prevent IP address leakage, cookie leakage, and general privacy attacks.
Trashmail 2.0.2
Create free disposable email addresses and paste them directly in forms. This helps to protect you from spam mails and could be useful when subscribing to forums or newsletters...
NoScript
The best security you can get in a web browser! Allow active content to run only from sites you trust, and protect yourself against XSS and Clickjacking attacks.
HackBar
Simple security audit / Penetration test tool.
TamperData
Use TamperData to view and modify HTTP/HTTPS headers and post parameters... Useful for Flash-based games and GET parameter editing.
CryptoFox
CryptoFox is an encryption/decryption tool for Mozilla Firefox, with dictionary attack support for cracking MD5 passwords.
RefControl
Control what gets sent as the HTTP Referer on a per-site basis. You create a list of sites, and the referrer that should be sent for each site. You can choose to send that referrer unconditionally or only for third-party requests. Additionally, you can specify the default behavior for any site not in the list.
Milw0rm Search Plugin
This plugin lets you search the milw0rm exploit database.
noXSS
Protects you against XSS attacks.
Google Site Indexer 0.13
A Windows search program turned Firefox Extension, GSI Creates Site Maps based on Google queries. Useful for both Penetration Testing and Search Engine Optimization. GSI sends zero packets to the host making it anonymous.
ShowIP
Show the IP address(es) of the current page in the status bar. It also allows querying custom services by IP (right mouse button) and hostname (left mouse button), like whois, netcraft. Additionally you can copy the IP address to the clipboard.
BlockSite 0.7.1
BlockSite is an extension, which automagically blocks websites of your choice. Additionally, this extension will disable all hyperlinks to these websites, by just displaying the link text without the clicking functionality. I personally use this to block Meat spin/on.nimp and other shock sites.
Add N Edit Cookies
Cookie Editor that allows you to add and edit "session" and saved...
CookieCuller
Delete unwanted cookies with the click of a button. Keep the cookies you want, automatically delete the rest.
FireFTP
FireFTP is a free, secure, cross-platform FTP client for Mozilla Firefox which provides easy and intuitive access to FTP servers.
*Please note that some of these plugins may only be compatible with specific versions of Firefox.
Original list made by Xdem0, credits to him
Press thanks if you liked